fixed raw request.referer 防盗链

xxq250 2024-10-22 09:27:53 +08:00
parent 7303be9db2
commit 0d2ed00e4c
2 changed files with 5 additions and 0 deletions


@ -210,6 +210,10 @@ class ApplicationController < ActionController::Base
tip_exception(401, "请登录后再操作") unless User.current.logged? tip_exception(401, "请登录后再操作") unless User.current.logged?
end end
def require_referer
tip_exception(403, "你没有权限访问") if request.host.present? && !request.referer.to_s.include?(request.host.to_s.gsub("www.",""))
end
def require_login_or_token def require_login_or_token
if params[:token].present? if params[:token].present?
user = User.try_to_autologin(params[:token]) user = User.try_to_autologin(params[:token])
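Review bot: The check in `require_referer` is a substring test over the whole Referer string, so it is satisfied by any Referer that contains the host text anywhere (path, query, or a longer hostname), and `gsub("www.","")` strips every occurrence of `www.` rather than only a leading label. Parsing the Referer and comparing its host with `request.host` would make the check match its name; a sketch follows. Referer is supplied by the client, so this is hotlink deterrence only, and a short comment saying so above the method would stop it being read as an authorization check.

```ruby
def require_referer
  return if request.host.blank?

  # Compare hosts, not substrings of the full Referer URL.
  referer_host = begin
    URI.parse(request.referer.to_s).host.to_s.downcase
  rescue URI::InvalidURIError
    ""
  end
  site_host = request.host.to_s.downcase.delete_prefix("www.")
  same_site = referer_host.delete_prefix("www.") == site_host
  tip_exception(403, "你没有权限访问") unless same_site
end
```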


@ -13,6 +13,7 @@ class RepositoriesController < ApplicationController
before_action :get_ref, only: %i[entries sub_entries top_counts files archive] before_action :get_ref, only: %i[entries sub_entries top_counts files archive]
before_action :get_latest_commit, only: %i[entries sub_entries top_counts] before_action :get_latest_commit, only: %i[entries sub_entries top_counts]
before_action :get_statistics, only: %i[top_counts] before_action :get_statistics, only: %i[top_counts]
before_action :require_referer, only: [:raw]
def files def files
result = @project.educoder? ? nil : Gitea::Repository::Files::GetService.call(@owner, @project.identifier, @ref, params[:search], @owner.gitea_token) result = @project.educoder? ? nil : Gitea::Repository::Files::GetService.call(@owner, @project.identifier, @ref, params[:search], @owner.gitea_token)
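Review bot: With this filter on `raw`, any request that carries no Referer gets the 403, because `request.referer.to_s` is then empty and cannot contain the host. That covers direct links, pages served with `Referrer-Policy: no-referrer`, and command-line or API clients. If those callers are meant to keep working, the filter needs an explicit rule for a blank Referer, and a request spec for `raw` with and without the header would pin the intended behaviour. As a style point, the neighbouring filters use `%i[...]`, so `only: %i[raw]` would match them.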